#730107 adduser --system and addgroup --system should ignore remote directory services

Package:
adduser
Source:
adduser
Submitter:
Harald Dunkel
Date:
2025-03-08 20:33:03 UTC
Severity:
normal
Tags:
#730107#5
Date:
2013-11-21 14:17:34 UTC
From:
To:
Problem:
adduser --system or addgroup --system refuse to proceed
if the name is already provided by a remote directory
service for passwd or group. On the next reboot the user
or group names cannot be resolved, if the (unrelated!)
directory service is not available yet.

The system users and groups should be defined locally,
independent from the availability of a foreign directory
service.


Regards
Harri

#730107#10
Date:
2013-11-21 19:40:54 UTC
From:
To:
This one time, at band camp, Harald Dunkel said:

adduser uses the system nss routines.  It's up to the admin of the
system to set them up appropriately, sorry.

Cheers,

#730107#15
Date:
2013-11-22 09:28:59 UTC
From:
To:
nsswitch.conf does not provide an interface to
introduce new group IDs. getent uses nss, but this
is a bug report about adduser.


Regards
Harri

#730107#20
Date:
2013-11-22 20:24:43 UTC
From:
To:
This one time, at band camp, Harald Dunkel said:

Sure it does.  man putgrent, although you are right, it is file based.
adduser does not know about directory services, it calls the system nss
routines to determine user and group information, and then it uses the
passwd and related commands to manipulate users and groups.  If those
don't do the right thing with your directory services, then adduser
can't help you.

Cheers,

#730107#25
Date:
2013-12-16 15:13:26 UTC
From:
To:
Please note

- I don't run "adduser --system", but some postinst scripts do. Looking
  at the official interface to manage packages I am not even supposed
  to know which system user accounts are created. All I see is that
  some unrelated system services are not started at boot time, if the
  remote directory service is not running.
- I agree that nsswitch.conf is of no help here. The suggestion of
  this bug report is to ignore remote directory services. Obviously
  this implies to bypass nsswitch.conf and to read&write /etc/passwd
  and the others directly, if --system is set.

Regards
Harri

#730107#30
Date:
2022-03-08 16:29:19 UTC
From:
To:
Control: tags -1 wontfix
thanks

Adduser uses useradd to do its work. I don't think it would be wise to
special case around the low level tools. Please discuss this with the
shadow maintainers, and after they have come up with a fix adduser might
follow or not.

Please consider referring to the technical committee if you feel strongly
about this.

Greetings
Marc

#730107#40
Date:
2022-03-09 12:39:17 UTC
From:
To:
Instead of dropping this bug report with won'tfix after 8 years it would have
been appropriate to reassign it to the useradd package immediately.

Thanx very much for your help

Harri

#730107#53
Date:
2025-03-08 20:31:30 UTC
From:
To:
Control: reassign -1 passwd
Control: severity -1 wishlist
Control: tags -1 = wontfix

Reassigning to passwd, which provides the {user,group}{add,mod,del}
commands. The shadow suite of programs deals with local files, but
access is still happening through NSS functions.

If you have configured non-local NSS plugins, you've got to make
sure the setup works as a whole for you.

You are welcome.

Chris
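
A check an administrator can run for the situation discussed in this thread, as an added example that is not part of the bug report and not code from adduser or shadow: it classifies a name as local, remote-only (resolvable through NSS but missing from the local flat file) or absent. The function names, the `NSS_SNAPSHOT` variable and the sample group names are assumptions of this example.

```shell
#!/bin/sh
# Added example: find names that NSS resolves but the local file lacks,
# i.e. names that stop resolving when the directory service is unreachable.

# in_file FILE NAME: exact match on the first colon-separated field.
in_file() {
    awk -F: -v n="$2" '$1 == n { hit = 1 } END { exit !hit }' "$1"
}

# nss_has DB NAME: resolve NAME through the NSS stack from nsswitch.conf.
# Assumption of this example: if NSS_SNAPSHOT is set, it names a saved
# "getent DB" dump that is consulted instead, so the check runs offline.
nss_has() {
    if [ -n "${NSS_SNAPSHOT:-}" ]; then
        in_file "$NSS_SNAPSHOT" "$2"
    else
        getent "$1" "$2" >/dev/null 2>&1
    fi
}

# classify DB NAME [LOCALFILE]: prints local, remote-only or absent.
classify() {
    file=${3:-/etc/$1}
    if in_file "$file" "$2"; then
        echo local
    elif nss_has "$1" "$2"; then
        echo remote-only
    else
        echo absent
    fi
}

# Constructed sample data: a local group file, and what NSS answers with a
# directory service attached ("backup-svc" exists only in the directory).
demo_dir=$(mktemp -d)
printf 'root:x:0:\nssl-cert:x:110:\n' > "$demo_dir/group"
printf 'root:x:0:\nssl-cert:x:110:\nbackup-svc:*:20010:\n' > "$demo_dir/nss"

demo() {
    for name in ssl-cert backup-svc no-such-group; do
        result=$(NSS_SNAPSHOT=$demo_dir/nss classify group "$name" "$demo_dir/group")
        printf '%-14s %s\n' "$name" "$result"
    done
}
demo
```

On a live host, leave `NSS_SNAPSHOT` unset and call `classify passwd NAME` or `classify group NAME` for each account a local service runs as; any `remote-only` result marks a service that depends on the directory being reachable at boot.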
